KysenMurrin wrote:I'm not aware of any limits on my debit card apart from £250 on ATM withdrawals. At least I can't find a single thing mentioning any limits on my bank's website. I think the most I've used it for, though, was booking flights and hotel earlier this year for about £850.

Restrictions are at a personal level. They would've been included when you first got your debit or credit card (in the fine print) and can fluctuate at any time as the bank sees fit. The web site would be unlikely to list limits as they are different for every person based on personal transaction history.

I seriously just want to stress that just because people are not aware of limits, does not mean that they don't exist.

There's another thing about this that pisses me off.. My WoW email address is a "clean" address that I use for a few other services. If that email address starts getting spammed to death, and I have to create a new address to use on all those services, I will be quite upset, and though I don't expect Blizz to answer, I'll send them an invoice for my time cleaning that up.

Amirya wrote:... because everyone needs a Catagonskin rug.

twinkfist wrote:i feel bad for the Mogu...having to deal with alcoholic bears.

Fridmarr wrote:I'm 100% certain. In fact I recently used it to drop a rather hefty down payment on a new car. Because of the balances that I maintain at my bank (mostly stemming from my mortgage loan which counts towards that balance) I have a "premium" account that doesn't really have many limits.

That's an assumption then. Just because you can drop a lot of money on a car in one go (even if you paid the entire amount outright) doesn't automatically mean you have zero limits on your account in terms of spending. (For example, my bank's limits used to be $15 000 in a single transaction. Over the years, this has come down significantly, but I can see how that kind of limit would lead people to assume that they had no limits whatsoever.)

Your account type does not dictate expenditures allowable (although your varied accounts will of course reflect how much leeway the bank is willing to give you since you'll already have a very large loan with them due to your mortgage). It's actually your card, not the account, that controls the outward flow of your money. If you are a typical large spender and usually hit high weekly amounts on your account, then the bank will gradually increase your limit so that you can spend more and more (similar to how credit card companies will often up your credit limit if you are consistently getting close to the total loan amount).

Sorry, I'll be more explicit. Yes, I'm 100% certain, no I'm not making an assumption. I probably shouldn't have given that example. The feature is tied to my account type because that account type is backed by another credit account to deal with overdrafts.

Anyhow, we are getting way off topic, my point was merely that a person placing fraudulent charges on a debit/credit card can still cause quite a bit of pain, even if those transactions ultimately get removed.

No way. There is no way that you have a debit card that does not have a limit (unless your name is Bill Gates or something - and even then, I don't even know if it's viable for the system to accept no limits - there HAS to be a limit somewhere). Overdraft ups your available limit based on your credit availability but does not allow you to exceed the total limit available via the card. Your limit may be insanely high (over 2 million for example), but there is no way that you do not possess a limit on your card.

Shoju wrote:I don't know how it is in canada, but in the US, the "fear" of Identity Theft is rampant.

I run my business's website through paypal. Even the merchant account, because instead of our small business trying to stay ahead on security measures, it's Paypal's bill, and I'm ok with paying a little more per transaction to keep it that way.

You would be blown away by how many people still call in to give me a card over the phone because they just can't stand the idea of putting that info online, because "WHAT IF THEY STEAL MAH IDENTITY!?"

Which is funny, because they decide not to trust the website while they trust you, who could steal their identity all the same because they are giving you all the info you need.

Yes, but anyone could be behind a computer system. If you have someone on the phone, there is at least a little bit of accountability associated with it. That being said... nothing prevents people from tapping phones (other than illegality... but they're already breaching that by trying to steal identities anyway.)

I went in and changed my password. I'll probably go in today and change my security questions. Beyond that:

1) If my account gets hacked, it's just a game, and it can be restored

2) If I suffer from identity theft, it's mostly just money (could be credit rating issues until it gets cleared up, though even that comes down to money in the long run), and it can be restored

Either way, I don't really blame Blizzard. No matter how in depth your security is, someone will ALWAYS find a way around it. It's simply a matter of time. Blizz is doing everything they can, and have notified people of the issue. If they tried to cover it up, THEN I could possibly see blaming them and cancelling my account.

Speaking of security, and not meaning to derail, but just a little rant:

Why the heck do so many password validation processes insist on capitals and numbers in a password? It would take years longer to hack "thisiskoatangassupersecretpassword" than "1Bfq7r!#" by brute force methods. If you ask someone to make a password containing caps and numbers that is at least 8 characters long, most people will stop at 8 characters, because they don't want to remember more gobbledygook. But encouraging a minimum-length password only reduces the time a brute-force method would take to hack it.

Do note that "standard English prose", like thisiskoatangassupersecretpassword, is not necessarily a great password because there's a lot of predictability in word-order and most people will actually choose words from a small subset of their vocabulary.

Using truly random words from a very long list is, however, a good way to come up with a memorable password. Basically, you're choosing a few (4-5) tokens from a very big set (many thousands), rather than a few more (8-10) from a much more limited set (~70 upper case, lower case, numbers and symbols). Because there are fewer random items, and they're items that you are likely to be able to make a mental image of, such a password is easier to remember than "!;Q7$wNVz".
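The comparison in the post above, worked through as an added example (not code from any poster in this thread). The 7776-word list size, the 10^10 guesses-per-second offline rate and the 16-word sample list are assumptions chosen for illustration.

```python
import math
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def entropy_bits(set_size: int, picks: int) -> float:
    """Entropy of `picks` tokens drawn uniformly and independently from a set.

    Only valid for truly random choices; a hand-written English sentence
    has far less entropy than this formula suggests.
    """
    return picks * math.log2(set_size)

def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Worst-case time to try every candidate against a stolen hash
    (guess rate is an assumption, not a measured figure)."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR

def random_passphrase(wordlist, n_words=5, sep="-"):
    """Pick words with a CSPRNG; return (passphrase, entropy in bits)."""
    words = list(dict.fromkeys(wordlist))  # drop duplicates, keep order
    if len(words) < 2:
        raise ValueError("word list too small")
    chosen = [secrets.choice(words) for _ in range(n_words)]
    return sep.join(chosen), entropy_bits(len(words), n_words)

def compare():
    """Schemes from the post: ~70 symbols x 8-10 vs. thousands of words x 4-5."""
    schemes = {
        "8 random chars (set of 70)": (70, 8),
        "10 random chars (set of 70)": (70, 10),
        "4 random words (list of 7776)": (7776, 4),
        "5 random words (list of 7776)": (7776, 5),
    }
    return {name: (entropy_bits(s, n), years_to_exhaust(entropy_bits(s, n)))
            for name, (s, n) in schemes.items()}

# Constructed 16-word sample list (4 bits per word): far too small for real
# use, where the list should hold many thousands of words.
SAMPLE_WORDS = ["anchor", "biscuit", "cactus", "dolphin", "ember", "falcon",
                "glacier", "harbor", "igloo", "jigsaw", "kettle", "lantern",
                "meadow", "nutmeg", "orchid", "pebble"]

if __name__ == "__main__":
    for name, (bits, years) in compare().items():
        print(f"{name:32s} {bits:5.1f} bits  ~{years:.3g} years to exhaust")
    print(random_passphrase(SAMPLE_WORDS))
```

With these assumptions, four random words (about 51.7 bits) already exceed eight random characters (about 49.0 bits), and five words exceed ten characters.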

Koatanga wrote:Speaking of security, and not meaning to derail, but just a little rant:

Why the heck do so many password validation processes insist on capitals and numbers in a password? It would take years longer to hack "thisiskoatangassupersecretpassword" than "1Bfq7r!#" by brute force methods. If you ask someone to make a password containing caps and numbers that is at least 8 characters long, most people will stop at 8 characters, because they don't want to remember more gobbledygook. But encouraging a minimum-length password only reduces the time a brute-force method would take to hack it.

It depends what you are referring to as brute force. In the case of English sentences, standard dictionaries (password specialized) are regularly employed to send various strings at the authenticator. That's by far the more common attack and in that case random characters are far more secure than a sentence. Random characters probably won't be broken by that method at all.

Now in this case, the perps have the password hash on hand, so they can send a set of characters at the hash algorithm until it spits out the same hash. In that case, neither password is secure but as you said longer passwords take much longer to derive than shorter ones. However, for you to gain much of an advantage there, you have to be dealing with someone who has the hashed value, which they only get by breaking in in the first place.

So I think the random character password works better against the vast majority of attacks.

You also need to keep in mind that not only the password has to be secure, but you need to remember it.

I employ a number of different passwords and I don't believe I'd be able to remember a bunch of 1Bfq7r!# pass, more likely I'll have to write it down somewhere and what's the point in having a secret password if you have to write it where it can be found?

As for myself, I use acronyms and they've served me well for years, I take a sentence easy to remember and use the first letter of each word, I usually end up with a 9/10-character password which is as random as 1Bfq7r!#, but I can actually remember and I don't need to write it down or reset my pass every other use cause I've forgotten it.

I have used the same password for everything for over 15 years and I only got hacked once (I was stupid enough to be keylogged, I suck). I think if you are able to just keep your computer secure any password would do.

theckhd wrote:Fuck no, we've seen what you do to guilds. Just imagine what you could do to an entire country. Just visiting the US might be enough to make the southern states try to secede again.

halabar wrote:Noo.. you don't realize the problem. Worldie was to negative guild breaking energy like Bolvar is to the Scourge. If Worldie is removed, than someone must pick up that mantle, otherwise that negative guild breaking energy will run rampant, destroying all the servers.

Not any, but I sort of agree, my first password did get hacked eventually, but that was stupidly easy and I'm impressed myself that it was able to last for 7 years, and I'm still not sure if it was cracked or was an internal breach.

I tend to tell people to use a system to generate passwords, instead of using the same password everywhere.

Like, take the first four letters of the domain, reverse them, and add a word (or word salad) to the end. So a password at failsafedesign.com might be liafC@ts1!, while the battle.net password would be ttabC@ts1!

(this is, obviously, not the algorithm I use, but you get the idea)

Nothing to write down, and easy to remember a site's password years later.

i use a variation of the same password for almost everything, but different capitalization and symbol placement for each service

if you are going to brute force, ok gratz on bruteforcing a 9 digit long pw

if you are going to guess, you better know me back in HS when i was taking french

Brekkie:Tanks are like shitty DPS. And healers are like REALLY distracted DPSAmirya:Why yes, your penis is longer than his because you hit 30k dps in the first 10 seconds. But guess what? That raid boss has a dick bigger than your ego. Flex:I don't make mistakes. I execute carefully planned strategic group wipes.Levie:(in /g) It's weird, I have a collar and I dont know where I got it from, Worgen are kinky!Levie:Drunk Lev goes and does what he pleases just to annoy sober Lev.Sagara:You see, you need to *spread* the bun before you insert the hot dog.

I have two basic passwords that I use several variations on for most things (one I made up in school, the other was an alphanumeric automatically generated for an email account). For WoW I stopped using those and instead come up with a phrase (either at random or by association with a previous password) then mess about with the spelling and characters.

My password is an old nickname of mine, anyone who knows me since 10 years or so knows it


Worldie wrote:My password is an old nickname of mine, anyone who knows me since 10 years or so knows it

this is mine too

i haven't been known by it since my jr year of hs, 11 yrs ago?

the symbols and numbers are completely unrelated to this nickname though


... except my WoW password. I figure because I have an authenticator doodad and mobile phone security alerts enabled I can get away with it and BNet doesn't allow for very good passwords to be made anyway.

Worldie wrote:I have used the same password for everything for over 15 years and I only got hacked once (I was stupid enough to be keylogged, I suck). I think if you are able to just keep your computer secure any password would do.

This is going to bite you in the arse eventually. You might be secure, but the sites you're giving this password to are probably not. I'm pretty careful, and have never to my knowledge been compromised at my end through phishing or keylogger. However, my paypal was illegally accessed (sent $300 to Taiwan) when it was using my "everywhere" password. In other words, someone got a bunch of email addresses and passwords from a compromised site (a forum, or some other website), and tried the same combos in PayPal.

Same reason you should always have a completely unique password on any email accounts you have. A lot of sites use email address as a username, and if you use the same password there as on the email account then you've just given that site, and anyone who breaks it, access to your email. Since email is usually used for password reset features, you've probably just given them access to every online account you have.

which is why i have different email passwords

most things use the same base one, but email ones are completely different
